Host unable to connect to F-Secure Policy Manager Server after upgrading or installing F-Secure Client Security 14.x (or later)

Issue:

After upgrading or installing Client Security 14.x, you encounter issues with communication. Symptoms include:

  • the host is unable to connect to F-Secure Policy Manager Server
  • the host is not visible on the Import host list in Policy Manager Console.
However, the hosts might be able to download updates.

Resolution:

Note: Make sure that the F-Secure Policy Manager address is correct and that the host communication ports (TCP/UDP default 80 and 443) are available and open.

Test the connectivity between the clients and Policy Manager:

  1. Open the Policy Manager address in a browser from a client: http://pms-server.local:80 and https://pm-server.local:443.

If you get an "F-Secure Welcome page", the connection is working. If not, check that the host communication TCP/UDP ports to the Policy Manager Server are allowed in your firewall.
  1. Make sure that you have configured the Policy Manager IP address and/or hostname correctly and that the ports configured for host modules are correct. Default ports after installations are 80 for HTTP and 443 for HTTPS.
On the computer running Client Security, the following log contains details on the connectivity with Policy Manager Server. Use it to troubleshoot connection issues:
C:\ProgramData\F-Secure\Log\BusinessSuite\PmpSelectorPlugin.log

Below is an example of a failed connection:
 
2019-03-04 14:11:50.150 [10d8.1588]  I: Connecting to wait.pmp-selector.local
2019-03-04 14:11:50.150 [10d8.1588]  I: Update check failed, error=210 (unable to resolve host)
2019-03-04 14:11:50.150 [10d8.1588]  I: Connection failed
2019-03-04 14:12:50.871 [10d8.15a0] .W: ServerFinder:Smiley Tongueing: Ping to {host: 10.10.10.10, http: 82, https: 443} aborted. There are no valid certificates
2019-03-04 14:12:50.871 [10d8.15a0]  I: UpdatablePmCertVerifier::RenewCertificates: Renewing certificates from 10.10.10.10
2019-03-04 14:13:11.908 [10d8.15a0] *E: UpdatablePmCertVerifier::RenewCertificates: Failed to download certificate bodies. AsyncSendRequest failed: 12002
2019-03-04 14:13:11.908 [10d8.15a0] .W: CosmosUpdater::Run: No servers responded. Policy Manager unavailable.

Error 12002 means ERROR_WINHTTP_TIMEOUT > Client Security cannot connect to Policy Manager to fetch this list.
A complete list of Microsoft Windows HTTP Services errors is available here

Below is an example of a working connection:

2019-09-05 09:00:19.789 [0fd0.136c] I: UpdatablePmCertVerifier::RenewCertificates: Renewing certificates from 10.11.10.10
2019-09-05 09:00:19.839 [0fd0.136c]  I: UpdatablePmCertVerifier::RenewCertificates: 2 certificate(s) renewed successfully; expire in 86170 seconds

Article no: 000010321

Pricing & Product Info

For product info and pricing please go to the F-Secure product page

Version history
Revision #:
1 of 1
Last update:
Wednesday
Updated by: